How to check the source address?
by philippepma@free.fr
Hello.
Is it possible, today or in the future, to check the source address?
Like this:
-A INPUT -p udp -m udp -s 212.27.38.253 -j ACCEPT
Philippe.
11 years, 1 month
how to use the default target?
by philippepma@free.fr
Hi.
I try to change the value of the default target to DROP.
But the change does not seem to have any effect.
And after a stop/start of firewall-config the default target is ACCEPT again.
I tried with an existing zone and a new zone.
Thanks, Philippe.
11 years, 1 month
How to add rules for protocols beside tcp/udp?
by Stefan Hellermann
Hi,
I want to allow traffic of the ospf protocol in the work zone. But I
found no way to do this, besides custom iptables commands and
firewall-cmd --direct rules which are not persistent. There are more
than 100 protocols listed in /etc/protocols, so there should be a way
to allow a custom protocol.
My best try:
firewall-cmd --direct --add-rule ipv4 filter INPUT 99 -d 224.0.0.5 -p ospf -j ACCEPT
How can I get this use case to work with firewalld? Or will this never be
supported? I'm trying all this on a freshly installed Fedora 18.
What chain should I use? INPUT works for me, but there are others
which look more correct, like IN_ZONE_work_allow, IN_ZONE_work or
IN_ZONE_work_direct.
Regards,
Stefan Hellermann
11 years, 2 months
Regarding ICMP filters
by Ranjith Rajaram
Hello,
This is the default firewalld configuration
[root@localhost ~]# firewall-cmd --list-all
public
interfaces: eth0
services: mdns dhcpv6-client ssh
ports:
forward-ports:
icmp-blocks:
I initiate a ping from another box to a Fedora 18 beta.
Ping is successful. While ping is active, I modify firewalld to block
icmp:
[root@localhost ~]# firewall-cmd --list-all
public
interfaces: eth0
services: mdns dhcpv6-client ssh
ports:
forward-ports:
icmp-blocks: echo-reply echo-request
I go back and check the terminal from where I initiated the ping. I
could see ping is still successful. I expect to see it fail.
So I stop the ping process and then restart it. Now I see ping fails
with the "Destination Host Prohibited" message, which is expected.
When you compare it with the old static firewall, the moment you add a
similar rule, the icmp request is stopped:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
How do you stop/block an existing active connection using firewalld?
Is there a way you can block a specific IP address? [I do not see any
option to block.]
Best regards
Ranjith
PS: learning firewalld using https://fedoraproject.org/wiki/FirewallD.
11 years, 2 months
Question about zones
by Nathanael D. Noblet
Hello,
So I've installed Fedora 18 and with it Firewalld. One thing I
haven't figured out is this. I'm wondering how 'smart' the zones are.
For example, the internal zone. Does it open those services to ANY
request or just to requests coming from an internal source? For
example I have a system that is behind a router/firewall. I'd like it
to allow all ssh connections. But some other services I'd like
accepted only if they are on the same subnet etc... Is that how
firewalld works already? If not how do I do this?
11 years, 2 months
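The asks that recur across these posts (matching on a source address, a default target of DROP, allowing a protocol other than tcp/udp, blocking one IP, opening a service only to the local subnet) all map onto firewalld's zone file and rich-rule language. The Python below is an added example, not code from this list or from the firewalld project: it renders a constructed zone file in the firewalld.zone(5) format plus the equivalent `firewall-cmd --add-rich-rule` strings, and parses the file back so the resulting policy can be reviewed. Element names and rich-rule syntax follow the firewalld man pages; 192.168.1.0/24 and 198.51.100.7 are constructed sample addresses, 212.27.38.253 is the address from the first post.

```python
import xml.etree.ElementTree as ET

XML_HEADER = '<?xml version="1.0" encoding="utf-8"?>\n'


def build_zone(target, allows, drops, protocols, icmp_blocks):
    """Render a firewalld zone file.

    target      -- zone target attribute: "ACCEPT", "%%REJECT%%", "DROP" or "default"
    allows      -- (source, "service" | "protocol", name): accept from source only
    drops       -- source addresses to drop outright
    protocols   -- plain protocol entries (covers non-tcp/udp protocols such as ospf)
    icmp_blocks -- icmp-block entries (e.g. echo-request)
    """
    zone = ET.Element("zone", target=target)
    ET.SubElement(zone, "short").text = "work"
    ET.SubElement(zone, "description").text = "Constructed example zone"
    ET.SubElement(zone, "interface", name="eth0")
    for proto in protocols:
        ET.SubElement(zone, "protocol", value=proto)
    for name in icmp_blocks:
        ET.SubElement(zone, "icmp-block", name=name)
    # Rich rules: firewalld evaluates log, then deny (drop/reject), then allow
    # rules, so the order of the <rule> elements below does not matter.
    for src, kind, name in allows:
        rule = ET.SubElement(zone, "rule", family="ipv4")
        ET.SubElement(rule, "source", address=src)
        ET.SubElement(rule, kind, {"name" if kind == "service" else "value": name})
        ET.SubElement(rule, "accept")
    for src in drops:
        rule = ET.SubElement(zone, "rule", family="ipv4")
        ET.SubElement(rule, "source", address=src)
        ET.SubElement(rule, "drop")
    return XML_HEADER + ET.tostring(zone, encoding="unicode")


def rich_rules(allows, drops):
    """The same policy as strings for firewall-cmd --permanent --add-rich-rule."""
    rules = []
    for src, kind, name in allows:
        attr = "name" if kind == "service" else "value"
        rules.append(f'rule family="ipv4" source address="{src}" {kind} {attr}="{name}" accept')
    rules += [f'rule family="ipv4" source address="{src}" drop' for src in drops]
    return rules


def summarize(zone_xml):
    """Parse a zone file back and return what it enforces, for review."""
    root = ET.fromstring(zone_xml)
    return {
        "target": root.get("target", "default"),
        "protocols": [p.get("value") for p in root.findall("protocol")],
        "icmp_blocks": [b.get("name") for b in root.findall("icmp-block")],
        "rules": [(r.find("source").get("address"),
                   "accept" if r.find("accept") is not None else "drop")
                  for r in root.findall("rule")],
    }
```

Because firewalld accepts ESTABLISHED,RELATED traffic before the zone rules, a newly added block does not cut a flow that is already in the connection-tracking table, which matches the running-ping behaviour observed above; the conntrack entry has to be removed as well (for example with `conntrack -D` from conntrack-tools).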